Penetration Testing mailing list archives
Re: MySQL compromise
From: Claudio Criscione <blackfireml () tiscali it>
Date: Wed, 9 Jan 2008 13:24:38 +0100
Il Friday 04 January 2008 15:40:03 Clone ha scritto:
or network commands? Is there a way to compromise their internal network from here?
You can play with INTO OUTFILE to create files around in the filesystem, and this is very interesting if you have a webserver on the same machine or if the mysql server is running with high privileges. Claudio ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- MySQL compromise Clone (Jan 08)
- Re: MySQL compromise Josh Miller (Jan 09)
- Re: MySQL compromise Jon Hart (Jan 10)
- Re: MySQL compromise pentestr (Jan 10)
- Re: MySQL compromise Gleb Paharenko (Jan 09)
- Re: MySQL compromise Claudio Criscione (Jan 09)
- Re: MySQL compromise Laszlo KLOCK (Jan 09)
- Re: MySQL compromise Marco Ivaldi (Jan 15)
- Re: MySQL compromise Kelly Keeton (Jan 09)
- Re: MySQL compromise Josh Miller (Jan 09)